+NEWS for the Nettle 4.0 release
+
+ This is a major cleanup release, with a few changes to
+ Nettle's API, as well as deletion of obsolete features. There
+ are also several improvements to the ABI that leaves the API
+ mostly unchanged, in particular, smaller context structs for
+ several algorithms.
+
+ The most disruptive API change is that the *_digest functions
+ no longer takes the desired digest size as argument. Truncated
+ hashes appeared to be an important use case decades ago when
+ the previous interface was designed, but that is now rather
+ obscure.
+
+ Feedback on the new interfaces is appreciated, e.g., if the
+ variable tag length for OCB and CCM should be supported
+ differently, if additional types would benefit from larger
+ alignment, or if there are remaining interface bugs or
+ inconsistencies. Smaller additional API or ABI changes may be
+ considered for the next release, Nettle-4.1, but after that,
+ the intention is that both ABI and API should stay backwards
+ compatible for a longer time.
+
+ The shared library names are libnettle.so.9.0 and
+ libhogweed.so.7.0, with new sonames libnettle.so.9 and
+ libhogweed.so.7.
+
+ Interface deletions:
+
+ * Deleted the old struct aes_ctx, and all functions operating
+ on it. Use the fixed key size interfaces instead, e.g.,
+ struct aes256_ctx, introduced in Nettle-3.0.
+
+ * Deleted dsa-compat.h, and everything declared therein. Use
+ the interface in dsa.h, introduced in Nettle-3.0.
+
+ * Deleted old header sha.h. Use sha1.h or sha2.h instead, as
+ appropriate.
+
+ * Deleted the general HMAC interface, with functions like
+ hmac_set_key that work with an arbitrary underlying hash
+ function. Use the specific hmac functions instead, e.g.,
+ hmac_sha256_set_key, or the mac abstraction defined in
+ nettle-meta.h, e.g, the nettle_hmac_sha256 instance.
+
+ * Deleted md5-compat.h, and everything declared therein. Use
+ the interface in md5.h instead (or even better, stop using md5).
+
+ * Deleted pgp.h, and everything declared therein. This attempt
+ to support openpgp formats was incomplete, undocumented, and
+ mostly obsolete.
+
+ * Delete all the *_DATA_SIZE compatibility aliases. Use
+ corresponding *_BLOCK_SIZE constants instead, introduced in
+ Nettle-3.0.
+
+ * Deleted the obsolete functions _rsa_blind and _rsa_unblind.
+ (Current RSA blinding in Nettle uses internal functions with
+ a different interface).
+
+ * Delete compatibility aliases salsa20_set_iv,
+ SALSA20_IV_SIZE. These were renamed to salsa20_set_nonce and
+ SALSA20_NONCE_SIZE in Nettle-3.0.
+
+ * Deleted compatibility aliases _nettle_md5_compress,
+ _nettle_sha1_compress. These internal functions were
+ promoted to documented and supported functions in
+ Nettle-3.9, with new names md5_compress and sha1_compress.
+
+ * Deleted compatibility alias yarrow_force_reseed. Renamed to
+ yarrow_slow_reseed in Nettle-2.0.
+
+ Interface changes:
+
+ * The _digest functions for hash algorithms, MACs and AEADs no
+ longer take the desired digest size as argument, instead,
+ they always produce the full-size digest. The typedef
+ nettle_hash_digest_func has also been changed accordingly.
+
+ There are two exceptions: CCM and OCB (functions ccm_digest,
+ ocb_digest, ccm_ae128_digest, ocb_aes128_digest, ...). These
+ AEAD algorithms are specified with a variable tag length,
+ which is not a mere truncation of the output.
+
+ * The functions to process complete messages using CCM AES now
+ take a const cipher context as the first argument, e.g,
+ first argument to ccm_aes128_encrypt_message is now a const
+ struct aes128_ctx *. It used to be a struct ccm_aes128_ctx
+ *, where everything but the underlying cipher context was
+ ignored.
+
+ * The SHA3 functions now use the same struct sha3_ctx for all
+ flavors, and the same function sha3_init. Old names, e.g.,
+ sha3_256_ctx and sha3_256_init, are defined as preprocessor
+ aliases, for backwards compatibility.
+
+ ABI changes and improvements.
+
+ * Introduce 16-byte alignment on certain types. Applied to
+ union nettle_block16, and subkey arrays of AES and UMAC.
+ This is intended to improve performance for SIMD load and
+ store instructions, which on some platforms may be faster
+ with proper alignment. The larger alignment is enabled only
+ for platforms where the alignment of the uint64_t type is 8.
+
+ * Size of struct gcm_key is reduced from 4096 bytes to 2048.
+
+ * Size of the new sha3_ctx is considerable smaller, 216 bytes,
+ than the previous types that included a buffer for a
+ complete block. E.g., the largest one, for sha3_128_ctx
+ (shake128), used to be 376 bytes.
+
+ * Size of HMAC contexts have been reduced, by not including
+ multiple block buffers. E.g, size of struct hmac_sha256_ctx
+ reduced from 336 bytes to 192. This change has been
+ discussed for a long time, with first attempt made by Dmitry
+ Baryshkov years ago, but delayed, since it implies an ABI
+ break.
+
NEWS for the Nettle 3.10.1 release
This is a maintenance release, with only a few bugfixes and
projects / thirdparty / nettle.git / commitdiff
